Category FILE
Started On 2014-06-26 04:28:08
Completed On 2014-06-26 04:30:32
Duration 144 seconds
Cuckoo Version 1.2-dev

Machine machine1
Label machine1
Manager VirtualBox
Started On 2014-06-26 04:28:09
Shutdown On 2014-06-26 04:30:32

File Details

File name Tax_76483691535948579.elc.exe
File size 98304 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 EDC27C4E
MD5 8c0d8bb7559129410427074745c585ab
SHA1 f3f5d49c20703f35e6c7fb6053fa810c677e0e7a
SHA256 750d533898f19c606ee9e96ff72c1aa3d830c469f2f564890ebbc38b169eb41b
SHA512 2bff2c772b6a2730e4e5d9d59284e89683c5b3dfdb5ccdfebc2ddc8363a0c9030d58c7ecb2fed6cf9a20dd2f8d2dcf82348794f7e6c77e3707965c5ae39d5955
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2014-06-26 05:37:39
Detection Rate: 44/54

Signatures

No signatures matched

Dropped Files

Nothing to display.

Network Analysis

Nothing to display.

Behavior Summary

Files
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\Tax_76483691535948579.elc.exe
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\TAX_76~1.EXE
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\ProgramFiles\Dvdmaker\Dvdmaer.EXE\\xc2\x90
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\E\:MYApp\.Exe
  • C:\myapp.exe
  • C:\WINDOWS\system32
  • *.dll
  • C:\
Mutexes
  • CTF.TimListCache.FMPDefaultS-1-5-21-1202660629-1606980848-1957994488-1003MUTEX.DefaultS-1-5-21-1202660629-1606980848-1957994488-1003
Registry Keys
  • HKEY_CURRENT_USER\software
  • HKEY_CURRENT_USER\software\
  • HKEY_CURRENT_USER\software\\Matrix
  • HKEY_CURRENT_USER\software\\Matrix\Recent File List
  • HKEY_CURRENT_USER\software\\Matrix\Settings
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • Matrix.Document
  • Matrix.Document\DefaultIcon
  • Matrix.Document\shell\open\command
  • Matrix.Document\shell\print\command
  • Matrix.Document\shell\printto\command
  • .max
  • HKEY_CLASSES_ROOT\.max\ShellNew
  • HKEY_USERS\S-1-5-21-1202660629-1606980848-1957994488-1003
  • HKEY_USERS\S-1-5-21-1202660629-1606980848-1957994488-1003\Control Panel\Desktop

Processes

Tax_76483691535948579.elc.exe PID: 380, Parent PID: 240

Tax_76483691535948579.elc.exe PID: 1892, Parent PID: 380

Volatility

Nothing to display.